search

jmathai / elodie

An EXIF-based photo assistant, organizer and workflow automation tool.
https://bit.ly/introducing-elodie
Apache License 2.0
1.27k stars 139 forks source link

Upgrade Pillow to 7.2 to address security vulnerability #384

Closed jmathai closed 3 years ago

jmathai commented 3 years ago

https://github.com/jmathai/elodie/network/alert/requirements.txt/Pillow/open

Jogai commented 3 years ago

Maybe enable dependabot: https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/enabling-and-disabling-version-updates

jmathai commented 3 years ago

@Jogai I do have a PR open (gh-385) but the version of Pillow without the vulnerability is not available for Python 2.7.

Jogai commented 3 years ago

In that case this issue is a bit premature, because elodie should move to 3 first: https://www.python.org/doc/sunset-python-2/

jmathai commented 3 years ago

Closed in #385